– %WINDIR%\services.exe Furthermore it gets executed after it was fully created. Further investigation pointed out that this file is malware, too. – %TEMPDIR%\allja3.log This file contains collected information about the system. – %TEMPDIR%\zincite.log This file contains collected information about the system.

Registry

To each registry key one of the values is added in order to run the processes after reboot: